by In order to allow users to query SQL databases through natural language (NLP), many databases use Text-to-SQL machine learning models, but researchers have found that hackers can design some question inputs to make this machine learning The model generates malicious code and executes it, thereby stealing data or blocking the operation of the database. The NPM suite JsonWebToken high-risk vulnerability CVE-2022-23529, which was publicly disclosed half a year ago, researchers released more details this week. They said that the scope of the vulnerability is quite extensive, and more than 22,000 projects will be affected. Users are urged to respond Fix asap. The U.S. government intends to create an AI-based information security analysis sandbox system CAP-M, and intends to share its analysis results with public departments, enterprises, and academic institutions. The news website The Register pointed out that this sandbox should be part of US President Joe Biden’s defense policy.
